REMARKS/ARGUMENTS

I. Introduction

This amendment is submitted in response to the Final Office action
dated October 17, 2005. The specification has been amended to correct typographical
errors, and in response to the Examiner's objections. Claims 15-21 were previously
canceled. Claims 1, 8 and 10 have been amended in the current response. Claims 1
and 10 were amended to address antecedent basis issues and to clarify the claims
while claim 8 was amended to rewrite the claim in independent form. As part of the
amendment to claim 1, the indentation used on the last three elements of claim 1 has
been revised to clarify the claim. No new matter has been added to the specification
or claims.

The Election/Restrictions requirement has been maintained by the
Examiner and was made FINAL.

Accordingly, Claims 1-14 are now pending. 

The drawings stand objected to as failing to comply with 37 CFR
1.84(p)(5) for failure of inclusion of references. Except for Examiner's second
objection (reference 529 in figure 5), the references have been corrected in the
specification. Therefore, there is no need to amend the drawings. Reference 529 of
figure 5 was objected to because the Examiner believed it was not described in the
specification. Applicant respectfully contends that it is described on p. 30, line 12 of
the specification. Accordingly, the objection should be withdrawn.

Regarding claim 10, the Examiner found insufficient antecedent basis
for the limitation "said average flow rate" in the claim. Claim 10 has been amended
to correct this problem.

Claim 11 stands rejected under 35 U.S.C. 112, second paragraph, as
being indefinite. Claims 1-5, 11, and 14 stand rejected under 35 U.S.C. 102(e) as
being anticipated by U.S. Patent Application Publication No. US 2003/0035370 A1 to
Brustoloni (hereinafter "the Brustoloni publication"). In addition, claims 6, 7, 12, and
13 stand rejected under 35 U.S.C. 103(a) as being unpatentable over the Brustoloni
publication in view of U.S. Patent Application Publication No. US 2002/0105908 A1
to Blumer et al. (hereinafter "the Blumer et al. publication").

Claims 8-10 are allowed. Applicant thanks the Examiner for this 
allowance. Claim 8 was rewritten in independent form given the indication that it 
was allowable. 

Applicant will now address and overcome each of the Examiner's
rejections after summarizing the invention.

II. Summary of the Invention

The present invention is directed to the provision of a mechanism for
use in defending against flooding network denial of service attacks. Generally, for
the claims at issue here, this involves examining packets in a flow, determining
whether the protocol of the packets is one that should be responsive to congestion
signaling (such as TCP), or is not such a protocol (such as a "best-effort" protocol,
like UDP). Then, if the protocol should be responsive to congestion signaling,
determining whether the system does appropriately respond. If it doesn't respond
appropriately, the packets are dropped. If the system does appropriately respond,
then those packets, along with packets using a protocol that is generally not
responsive to congestion signaling, are compared to historic similar flows, and
packets are dropped if the flows exceed historic flow rates.
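
The decision sequence summarized above, sketched as an added illustration that is not part of the filing or the underlying application. The protocol table, thresholds, field names and sample rates are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from statistics import mean

# Assumptions (not from the filing): protocol table, thresholds, sample layout.
CONGESTION_RESPONSIVE = {"tcp"}   # protocols expected to slow down when signaled
MIN_BACKOFF = 0.25                # required fractional rate decrease after a signal
HISTORIC_TOLERANCE = 1.5          # allowed multiple of the historic rate

@dataclass
class Flow:
    protocol: str          # "tcp", "udp", ...
    rates: list            # packets/s samples, oldest first (non-empty)
    signal_at: int         # index of the first sample taken after the congestion signal
    historic_rate: float   # typical rate of similar past flows

def backs_off(flow: Flow) -> bool:
    """True if the monitored rate decreased after congestion signaling."""
    before, after = flow.rates[:flow.signal_at], flow.rates[flow.signal_at:]
    if not before or not after:
        return True        # nothing to compare yet: do not penalise the flow
    return mean(after) <= mean(before) * (1 - MIN_BACKOFF)

def decide(flow: Flow) -> str:
    # Step 1: is the protocol one that should respond to congestion signaling?
    if flow.protocol.lower() in CONGESTION_RESPONSIVE:
        # Step 2: a responsive protocol that ignores the signal is blocked.
        if not backs_off(flow):
            return "block"
    # Step 3: well-behaved and best-effort flows are held to historic rates.
    current = mean(flow.rates[flow.signal_at:] or flow.rates)
    if current > flow.historic_rate * HISTORIC_TOLERANCE:
        return "drop"
    return "forward"

# Constructed sample flows (packets/s); congestion signal sent before sample 3.
SAMPLES = {
    "tcp-normal":  Flow("tcp", [900, 950, 1000, 480, 450, 500], 3, 600),
    "tcp-flooder": Flow("tcp", [900, 950, 1000, 990, 1010, 1000], 3, 600),
    "udp-normal":  Flow("udp", [200, 210, 190, 205, 195, 200], 3, 220),
    "udp-flood":   Flow("udp", [200, 210, 190, 4000, 4200, 4100], 3, 220),
}

if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        print(f"{name:12s} -> {decide(flow)}")
```
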

III. Summary of the Brustoloni publication reference

The Brustoloni publication discloses protecting a site from denial of
service attacks by seeing if the incoming traffic conforms to a user-supplied profile
(such as protocol type, acceptable destination port numbers, maximum transmission
rate, maximum number of allowed connections, and whether to enforce congestion-
avoidance). Further, packets may be forwarded in multiple classes of service,
depending on the type of traffic (Abstract).

The Brustoloni publication recognizes that enforcing congestion-
avoidance may be problematic. One approach discussed is to utilize "ingress
filtering" (paragraph 0029), which involves checking a packet at the origination end
to ensure that it is properly addressed. Another is to avoid "spoofing
acknowledgements" by using SPE units, installed in the network for this purpose, to
utilize a challenge-response system (paragraph 0030). This approach entails sending
messages between the SPE units, to see whether the coded response is correct. If the
response is incorrect, the traffic is blocked.

Where ingress filtering and an SPE unit architecture are not available,
the Brustoloni publication calls for segregating all such packets in a separate class of
service (paragraph 0041). In this way, the traffic which is screened by either ingress
filtering or by the use of SPE units can be placed in a different class of service than
those packets for which no screening can be accomplished. Therefore, denial of
service attacks would only affect packets in the "unprotected" class of service. To put
it another way, the Brustoloni publication recognizes a class of traffic that it can't
handle regarding denial of service attacks, and simply puts such traffic in its own
class, to limit its potential damage.

As will be discussed below, the present invention differs significantly
from the Brustoloni publication by including various features such as "determining if
the packets in the flow correspond to a communications protocol which is responsive
to congestion signaling" in combination with the step of "when said flow is
determined to include packets corresponding to a communications protocol
which is responsive to congestion signaling: determining if the flow performs in a
manner indicating that the flow is responsive to congestion signaling". Such a
combination of features is not taught by the Brustoloni publication.

IV. The Rejection of Claim 11 under 35 U.S.C. 112,
second paragraph, as being indefinite

The Examiner states that claim 11 is indefinite because "the word
'non-responsive' contradicts claim 1 and the inventive concept as described in the
application." Applicant respectfully disagrees.

Claim 1 (which claim 11 depends from) discloses the method of
determining whether packets in a flow correspond to a communications protocol
which is responsive to congestion signaling. Claim 1 then discloses that if the flow is
determined to include packets corresponding to a communications protocol which is
responsive to congestion signaling and it is determined that the flow "performs in a
manner indicating that the flow is responsive to congestion signaling", it is
forwarded. However, if a flow which is determined to include packets corresponding
to a communications protocol which is responsive to congestion signaling and the
flow performs "in a manner indicating that it is non-responsive to congestion
signaling", it is blocked. Thus, a check is made to determine if the flow is responding
to congestion signaling as it should and it is blocked if it is not responding
appropriately.

Claim 11 discloses an "additional flow", i.e., a flow in addition to the
flow recited in claim 1, for which it is determined that the protocol is not one that is
responsive to congestion signaling (as opposed to the protocol of the flow in claim 1,
in which the protocol may be responsive to congestion signaling). Since the protocol
of the additional flow is not responsive, in the method recited in claim 11, at least
some of the packets in the additional flow are forwarded. There is no contradiction
between claims 1 and 11.

V. The Rejection of Claims 1-5, 11, and 14
under 35 U.S.C. §102(e) Based on the Brustoloni publication

Regarding claim 1, the Brustoloni publication does not teach or
suggest the step of "determining if the packets in the flow correspond to a
communications protocol which is responsive to congestion signaling". First, as
discussed above, the Brustoloni publication does not distinguish between protocols
that are or are not responsive to congestion signaling. The only teaching regarding
"congestion signaling" in the Brustoloni publication relates to a "challenge-response"
system of SPE's, as described at paragraph 0030.

Second, even if the Brustoloni publication did determine that a
protocol was responsive to congestion signaling, the reference does not teach or
suggest "determining if the flow performs in a manner indicating that the flow is
responsive to congestion signaling". The Brustoloni publication does not teach or
suggest any determination of the performance of any flows, other than to see if the
flow matches the profile established by the user (paragraph 0033).

Third, the Brustoloni publication does not teach "blocking the packets
from said flow when said flow is determined to perform in a manner indicating that it
is non-responsive to congestion signaling" (claim 1 of the present invention), since
the Brustoloni publication does not determine whether the flow is non-responsive.

For at least these reasons, claim 1, and claims 2-5, 11, and 14 which
depend therefrom, are not rendered unpatentable by the Brustoloni publication.
Claim 1 is patentable because it recites, among other things, the features indicated in
bold below:

A method of controlling a network node to process a plurality of
packet flows, the method comprising:

receiving packets corresponding to a flow;

determining if the packets in the flow correspond
to a communications protocol which is responsive to congestion
signaling;

when said flow is determined to include packets
corresponding to a communications protocol which is
responsive to congestion signaling:

determining if the flow performs in a
manner indicating that the flow is responsive to
congestion signaling;

forwarding at least some received packets
corresponding to the flow when it is determined that
the flow performs in a manner indicating that it is
responsive to congestion signaling; and

blocking the packets from the flow when the
flow is determined to perform in a manner
indicating that it is non-responsive to congestion
signaling.

Further regarding claim 3, in addition to the above arguments, claim 3
includes: "monitoring a flow rate of said flow to determine if the monitored flow rate
decreases in response to congestion signaling." First, the Brustoloni publication does
not teach or suggest performing "congestion signaling". Second, the Brustoloni
publication does not teach monitoring the rate of a flow to determine if it decreases,
for any reason. For these additional reasons, claim 3, and claims 4-5 which depend
therefrom, are patentable over the Brustoloni publication.

Claim 3 recites, and is further patentable because of the features
indicated in bold:

The method of claim 1, wherein determining if the flow
performs in a manner indicative of responsive to congestion
signaling includes:

monitoring a flow rate of said flow to determine if
the monitored flow rate decreases in response to congestion
signaling.

VI. The Rejection of Claims 6, 7, 12, and 13 under 35 U.S.C. §103(a) based
on the Brustoloni publication in view of the Blumer et al. publication
For the reasons discussed above, claim 1, and therefore claims 6, 7,
12, and 13, which depend therefrom, are not rendered unpatentable over the
Brustoloni publication.

The Blumer et al. publication discloses apparatus for utilizing a buffer
to store, forward, and discard packets based on the probability that the packets will be
dropped (paragraph 0013). There is no teaching or suggestion of "determining if the
packets in the flow correspond to a communications protocol which is responsive to
congestion signaling". There is also no teaching or suggestion of "determining if the
first flow performs in a manner indicative of responsive to congestion signaling".
Lastly, there is no teaching or suggestion of "blocking the packets from said flow
when said first flow is determined to perform in a manner indicating that it is non-
responsive to congestion signaling".



Therefore, there is no combination of the Brustoloni publication and
the Blumer et al. publication which would render any of the pending claims of the
present invention unpatentable. It is therefore respectfully requested that the
pending claims 1-14 proceed to issue.

VII. Conclusion

In view of the foregoing remarks,
the pending claims are in condition [...]
that the Examiner pass this application to issue.

If there are any outstanding issues which need to be resolved to place
the application in condition for allowance the Examiner is invited to contact
Applicant's undersigned representative by phone to discuss and hopefully resolve
said issues. To the extent necessary, a petition for extension of time under 37 CFR
1.136 is hereby made, the fee for which should be charged to Patent Office deposit
account number 07-2347.



February 17, 2006 



Respectfully submitted. 




Joel W^, Attorney 
Reg. No. 25,648 
Tel.: (972) 718-4800 